[openssl-users] Verifying RSA-SHA1 signature?
nikolay.kudryavtsev at gmail.com
Mon Sep 12 17:07:44 UTC 2016
I have some data that was signed with RSA-SHA1
What's the proper way of verifying that data with a signature?
The signature is base64 encoded, so first I do:
openssl enc -d -A -base64 -in signature.txt -out signature.sha1
Then I do:
openssl dgst -verify pubkey.pem -signature signature.sha1 datafile.txt
openssl dgst -sha1 -verify pubkey.pem -signature signature.sha1 datafile.txt
Either of those fails with:
Whenever I try to verify data signed with my own key, everything works.
But for that data that I got from a third party nothing works. That
third party is adamant that the signature is correct and it's RSA_SHA1,
but they've been unwilling to explain the details on how they sign it
and what they use to verify.
So what are the proper way of dealing with this?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users